Uploaded image for project: 'Core Server'
  1. Core Server
  2. SERVER-10399

Unchecked string access in parseNs may yield garbage collection name for commands without collections

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major - P3
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.5.2
    • Component/s: None
    • Labels:
      None
    • Operating System:
      ALL

      Description

      parseNs (and parseNsFullyQualified) expect that the cmdObj provided will have a leading String valued field containing a collection name, so use the unchecked valuestr() method on BSONElement to obtain that value:

      https://github.com/mongodb/mongo/blob/51af8d67570b33fa5d5b4d36b18215535d38dd85/src/mongo/db/commands.cpp#L67

      However, some commands (like a database drop) do not have a collection name.

      The auditing code in this file attempts to use these methods to format audit trail events for all commands. When it does so for commands that have no collection, the result is a collection name formed from whatever data is pointed to by the first element in the cmdObj, interpreted as a C string.

        Attachments

          Issue Links

          related to

          Bug - A problem which impairs or prevents the functions of the product. SERVER-16072 Improve namespace construction in commands

          • Major - P3 - Major loss of function.
          • Closed

            Activity

              People

              Assignee:
              acm Andrew Morrow
              Reporter:
              acm Andrew Morrow
              Participants:
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Dates

                Created:
                Updated:
                Resolved: